1302 matches found
AlmaLinux 9 : bind9.18 (ALSA-2025:19950)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19950 advisory. bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778); bind: Cache poisoning due to weak PRNG (CVE-2025-40780); bind: Resource exhaustion via...
AlmaLinux 9 : bind (ALSA-2025:21110)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21110 advisory. bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778); bind: Cache poisoning due to weak PRNG (CVE-2025-40780). Tenable has extracted the precedi...
SUSE-SU-2025:4107-1 Security update for bind
This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380)...
Siemens SIMATIC S7-1500 Use of Insufficiently Random Values (CVE-2020-11501)
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...
Siemens SIMATIC S7-1500 Use of Insufficiently Random Values (CVE-2019-1010025)
DISPUTED: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is ASLR bypass itself is not a vulnerability. This plugin only works with Tenable.ot. Please visit...
CVE-2025-64429
DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator (pcg32) to generate cryptographic keys or...
PYSEC-2025-112
DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator (pcg32) to generate cryptographic keys or...
MAL-2025-162603 Malicious code in nokire-kilua17 (npm)
Source: amazon-inspector 5db4ea2fd04e60bffd2385818ff307c777dd5767a34b0be071538a3ab9769adc. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-12787
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...
Malicious code in nightmare-envconfig-nestjs-firebase (npm)
Source: amazon-inspector 4ce283718877e46946175f033597ea72cdc7ff55bfdf108784806ef510eb5bbf. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in react-bootstrap-publish-concurrently-command (npm)
Source: amazon-inspector 40ca53b27778645d89b96eb595882242733d814a4cfe82678efc4b8e67b9ab61. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-149471 Malicious code in wezen-uglify-js-stop-regulus (npm)
Source: amazon-inspector c0cb747f817d3854691f2f4e78d85638306150ffa98f5d294bc280cfc35f51d9. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
PT-2025-46723
Name of the Vulnerable Software and Affected Versions: DuckDB versions 1.4.0 through 1.4.1. Description: DuckDB, a SQL database management system, contains issues related to its block-based encryption implementation introduced in version 1.4.0. The system can fall back to an insecure random number...
Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fixes:...
RHEL 9 : bind9.18 (RHSA-2025:21111)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21111 advisory. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which...
MAL-2025-137094 Malicious code in strange_shrew_z3n (npm)
Source: amazon-inspector 7e39a01b860b47e216a5717789f8d4cf047a77b091de20e192db5de1a5d4abc2. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-128255 Malicious code in lina-tek63-riris (npm)
Source: amazon-inspector ab6627c67647d3ec639013526d6a6fd1803e60af68ece71317deeacee3700926. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-130627 Malicious code in tomi-kue43-riris (npm)
Source: amazon-inspector f05d3e601e1a685bf3f9f499a8dad0b430efe68a14e32f41996cb30d9a44efc1. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nina-keripik11-miaww (npm)
Source: amazon-inspector ef4f5700d451e2980bb9fe14afa1f2a1f729c76659dd586edc39aa646ec395e3. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lutfi-lapis7-ruro (npm)
Source: amazon-inspector 7513242b0c58e4de206f988fa8a039891e5c75cdeb7f08c258e3cb4c0e958dc3. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...